Posted by: David Harley | February 16, 2018

Screenshots and sandboxes

John Gruber: The Threat to the Mac: The Growing Popularity of Non-Native Apps

Mac apps have been able to “see” the entire display ever since the Mac debuted. The Mac needs … the power for apps to shoot the user in the foot.

An example from the sandbox debate (also quoted by Gruber):

“Cocoa-based Mac apps are rapidly being eaten by web apps and Electron psuedo-desktop apps. For Mac apps to survive, they must capitalize on their strengths: superior performance, better system integration, better dev experience, more features, and higher general quality.

But the app sandbox strikes at all of those. In return it offers security inferior to a web app, as this post illustrates.”

The screenshot issue (from Felix Krause): Mac Privacy: Sandboxed Mac apps can record your screen at any time without you knowing

David Harley

Posted by: David Harley | February 15, 2018

Android ransomware info from ESET

ESET: blog article and pointer to paper. Android ransomware in 2017: Innovative infiltration and rougher extortion

“To find out more about ransomware on Android, the nastiest variants of the past year, as well as the most noteworthy examples since 2013, read the new whitepaper by ESET: Android Ransomware: From Android Defender To Doublelocker.

David Harley

Posted by: David Harley | February 8, 2018

iBoot firmware source leak

Chris Williams for The Register: Apple’s top-secret iBoot firmware source code spills onto GitHub for some insane reason

Williams says:

“The confidential source code to Apple’s iBoot firmware in iPhones, iPads and other iOS devices has been leaked into a public GitHub repo.”

There’s no need to panic: no-one is suggesting an immediate threat to iOS end users. But some of us will be very interested to see how this plays out.

David Harley

Posted by: David Harley | January 31, 2018

Google: defending against Android malware

Google waxes optimistic on its Android Developers Blog: How we fought bad apps and malicious developers in 2017. Andrew Ahn says:

We’ve also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps.

For The Parallax, Seth Rosenblatt quotes Andrew Ahn as saying that:

…of all the malicious apps submitted to Google Play, only 1 percent of them make it past Google’s filters to consumers…

To put those figures into some sort of perspective, states that as of December 2017, 3.5 million apps were available from the Google Play store, though it’s not clear what percentage of apps submitted at any given time are malicious. However, it’s reassuring that Rosenblatt is also able to quote a spokesman as saying that:

…the company detects “most” malware successfully uploaded to Google Play “within a day.”

Graham Cluley, for ESET, notes that Google smashed over 700,000 bad Android apps last year but advises caution:

Despite the reports from Google’s Android security team of impressive improvements, the truth is that bad apps have often been found on the Google Play store, and barely a week goes by without reports of malicious Android apps being discovered and sometimes downloaded thousands of times.

I won’t dispute Ahn’s claim that “You have a lower probability of being infected by malware from Play than being hit by lightning” – I don’t have exact figures either way. But it’s clear that Google Play is probably significantly safer than alternative Android app stores.

David Harley

Posted by: David Harley | January 24, 2018

macOS and iOS fixes – Spectre and Meltdown

The Register. It’s 2018 and your Macs, iPhones can be pwned by playing evil music (Actually mostly about macOS and iOS patches including Spectre and Meltdown fixes.)

David Harley

Posted by: David Harley | January 20, 2018

macOS DNS hi-jacker

Patrick Wardle: Ay MaMi -› Analyzing a New macOS DNS Hijacker: OSX/MaMi.

Analysis of malware Patrick calls OSX/MaMi. Irritatingly, he presents hashes as screendumps rather than text, but if I have transcribed it correctly it’s SHA-256 5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571, detected at time of writing by 28 out of 58 engines, according to VirusTotal.

NB: VT doesn’t use all the functionality of the engines it uses, so it’s possible that some other engines will block/detect it even though they aren’t yet listed there, but the figures do at least give some idea of how many products have added detection since Patrick originally checked.

David Harley

Posted by: David Harley | January 16, 2018

Android Spyware

Securelist (Kaspersky) – Skygofree: Following in the footsteps of HackingTeam

David Harley

Posted by: David Harley | January 13, 2018

Fruitfly – Graham Cluley’s take for ESET

… Fruitfly malware spied on Mac users for 13 years – man charged

David Harley

Posted by: David Harley | January 12, 2018

Fruitfly: alleged author’s wings clipped…

…well, charged, not convicted.

Sophos considers the story here: Man charged with spying on thousands of Mac users for 13 years

Taylor Armerding tells us that an Ohio man

‘was charged with Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child abuse imagery, and aggravated identity theft, according to a Department of Justice (DoJ) press release.’

David Harley

Posted by: David Harley | January 12, 2018

macOS DNS Hijacker

Patrick Wardle/Objective-See: Ay MaMi – › Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi

(Speaks for itself, really).

David Harley

Older Posts »